2 Configuring Mediation Engine Connector

This chapter describes how to configure Oracle Communications Session Monitor Mediation Engine Connector.

Changing the Default Administrator Password

Start by changing the default administrator password. Click on the user name in the top-right corner and then on the My Profile link. The Edit own user information dialog box appears. Enter the new password twice and click Finish.

Warning:

The default administrator password is easy to guess and is given in the product documentation, which is generally available to sub-users. Oracle strongly recommends changing the administrator password before creating any sub-users.

Configuring Users and Realms

Due to the powerful visibility that Mediation Engine Connector offers inside a network and the associated user privacy risks, a comprehensive user rights management system is available to restrict Mediation Engine Connector users to defined views and functionalities.

When using multiple Mediation Engines with a Mediation Engine Connector, the Mediation Engine Connector is responsible for managing users and realms. The user database and the realm definitions are entered using the Mediation Engine Connector user interface, which then distributes the information across the Mediation Engines. User database and realm definitions should be set up before the Mediation Engines are connected.

Note:

When using multiple Mediation Engines with a Mediation Engine Connector, the Mediation Engine is not responsible for managing users, passwords, and realms.

When a user is created in the Mediation Engine Connector, the information about the user is propagated to all the nodes, but the KPIs for the user are not created. To create the KPIs for the user, log in to the Mediation Engine. However, when a user is deleted from the Mediation Engine Connector, the KPIs are also deleted for that user.

Configuring Realms

Realms are used to partition the captured data for presenting a separate view to each Mediation Engine Connector user. This is especially useful in cases where different resellers share the same Mediation Engine Connector instance, each being allowed to view only the SIP users served by themselves.

In the Mediation Engine Connector, a realm is defined by a pattern containing a set of telephone numbers, a set of domains, or both. Realms defined only by a range of telephone numbers should be used when the resellers share the same domain, but have different SIP users. Realms defined only by domain should be used when the Mediation Engine Connector is analyzing the traffic from multiple domains. A combination of both cases defines a pattern with a domain and a telephone number range.

Figure 2-1 shows the Realms Definitions section on the Mediation Engine Connector Settings page.

To add a pattern that defines a realm, click the Add pattern button. A new row appears at the top of the table. The pattern is editable by double clicking on the row.

Name: The name of the realm that defines a reseller.

First Number: The lower limit of the telephone numbers range.

Last Number: The higher limit of the telephone numbers range.

Domain: The domain name. The field is optional as the realm might be identified only by number range.

Comment: An optional comment line, only for convenience.

To delete a selected pattern, click Delete selection. You can import and export realm configuration to and from CSV files, which helps in maintaining the realm configuration when many patterns have been defined.

You may also provision realm patterns automatically by uploading a similar CSV file via FTP.

Figure 2-1 Realm Configuration


Configuring User Access

A user is identified by a name, a set of access rights, a set of relations with other users, a realm to which the user belongs, an e-mail address, and a logo image file.

Users are organized hierarchically, with admin being the root user (default password oracle) with unrestricted access. Every user can create a set of sub-users, who have fewer permissions than their parent user.

User interface access is defined by permissions that control which pages or sections of the user interface the user can see and use. The parent user should define these permissions when the user is created.

User management is similar to the process in the Mediation Engines. The difference is that users provisioned in the Mediation Engine Connector are duplicated to all Mediation Engines belonging to it.

Configuring External Authentication Authorization

The Mediation Engine Connector supports authenticating users using an external authentication provider, like LDAP, RADIUS, or single sign-on authentication. This authentication must be configured on the reverse proxy (NGINX or Apache) which acts as a gateway for the Mediation Engine Connector. Authorization for the user must be done using Mediation Engine Connector permissions, as described in the section, "Configuring User Access".

If external authentication is enabled in the Mediation Engine Connector settings, the X-Forwarded-User HTTP header set by the reverse proxy must contain the authenticated user's login name. A configuration file for Apache, which sets up HTTP basic external authentication, can be found in /opt/oracle/ocsm/etc/httpd/conf.d.
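
The following Apache fragment illustrates the arrangement described above: the proxy authenticates the user with HTTP basic authentication and sets X-Forwarded-User from the authenticated login name. It is an added example, not the file Oracle ships in /opt/oracle/ocsm/etc/httpd/conf.d; the htpasswd path and the backend address are placeholders chosen for illustration.

```apache
# Added example (not Oracle's shipped configuration).
# Placeholders: /etc/httpd/mec.htpasswd and http://127.0.0.1:8080/ are assumed values.
# Modules used: mod_auth_basic, mod_authn_file, mod_headers, mod_proxy, mod_proxy_http.

<Location "/">
    # The proxy, not the application, performs authentication.
    AuthType Basic
    AuthName "Mediation Engine Connector"
    AuthBasicProvider file
    AuthUserFile "/etc/httpd/mec.htpasswd"
    Require valid-user

    # Discard any X-Forwarded-User value received from the client, then set
    # the header from REMOTE_USER, the login name Apache has just authenticated.
    # mod_headers applies these after authentication, so REMOTE_USER is populated.
    RequestHeader unset X-Forwarded-User
    RequestHeader set X-Forwarded-User "expr=%{REMOTE_USER}"

    # Forward the request to the Mediation Engine Connector backend (placeholder address).
    ProxyPass "http://127.0.0.1:8080/"
    ProxyPassReverse "http://127.0.0.1:8080/"
</Location>
```

Because the application takes the login name from this header, the backend should accept connections only from the proxy.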

Configuring the Mediation Engine Connector URL and Authentication Secret

Mediation Engines communicate with their Mediation Engine Connector using an HTTP address under which Mediation Engine Connector is reachable. In most cases, it appears in the form of http://fully.qualified.hostname/, where fully.qualified.hostname is the fully qualified hostname of the Mediation Engine Connector in your network.

You also need to enter an authentication secret, which is used to authenticate the Mediation Engines to Mediation Engine Connector.

These two settings can be entered on the Settings page in the Mediation Engine: ME Connector section.

Figure 2-2 shows an example of Mediation Engine Connector settings.

Figure 2-2 Mediation Engine Connector Settings


Connecting Mediation Engine with Mediation Engine Connector

To connect Mediation Engine with Mediation Engine Connector:

  1. Log into Mediation Engine.

  2. Under Settings, click ME Management.

  3. Select the desired node, double-click the disabled column field, and select yes from the drop-down list or click Add to add a new node.

  4. (Optional) Add a new node by doing the following:

    1. Click Add.

      A new row gets added.

    2. Double-click the Node name field, and enter the Mediation Engine node name.

    3. Double-click the Hostname or IP field, and enter the IP address or hostname of the Mediation Engine.

    4. Double-click the Shared secret field, and enter the shared secret of the Mediation Engine.

    5. The Connection responsive field is populated automatically as follows:

      • True. If node entries are valid and node connection is successful.

      • False. If either node entries are not valid or the node connection is unsuccessful.

    6. Double-click the Disabled field, and select yes or no from the drop-down list to disable or enable the node.

  5. Click Save.

    Result: Mediation Engine node is added.

    Important:

    When adding a new Mediation Engine, the list of local users on the Mediation Engine might be lost. Any local users and realms in the Mediation Engine will be replaced with the current list of users and realms that exist on the Mediation Engine Connector. If there are users and realms on the Mediation Engine that do not exist on the Mediation Engine Connector, these will be lost.

  6. Log into Operation Monitor.

  7. Click Admin and then click Settings.

  8. Click Mediation Engine Connector.

  9. In the Authentication Token field, enter your choice of token details for the Mediation Engine, and click Update.

    Note:

    For Mediation Engine Connector to connect to Mediation Engine, the token values entered while adding the Mediation Engine node must match with the value mentioned in the Authentication Token field.

    You must note down the token details for future reference.

Result: Mediation Engine connects with the Mediation Engine Connector.

Note:

It is not possible to retrieve information about the calls in other nodes on that Mediation Engine node. With this procedure, the Mediation Engine and the Mediation Engine Connector are disconnected, so the Mediation Engine is on its own with respect to the information it can use at that time. No other implications are known.

Disconnecting Mediation Engine from Mediation Engine Connector

To disconnect Mediation Engine from Mediation Engine Connector:

  1. Log into Operation Monitor.

  2. Click Admin and then click Settings.

  3. Click Network.

  4. Click Mediation Engine Connector.

  5. Click Unlink MEC….

    Note:

    You can only unlink Mediation Engine from Mediation Engine Connector by clicking Unlink MEC…. To connect back, you have to configure the Mediation Engine by logging into Mediation Engine Connector.

    Hint:

    To view the details of the Mediation Engine you are disconnecting, click System Settings and then double-click the entry, Name of this Mediation Engine.

Result: The Mediation Engine is disconnected from Mediation Engine Connector.

Note:

Although the Mediation Engine is disconnected from Mediation Engine Connector, the Mediation Engine details still appear in the mediation engine list. To remove the Mediation Engine from the list, navigate to ME Management, select the node, click Delete Selected, and then click Save. If you click Replicate Configuration, the mediation engine will connect back to the Mediation Engine Connector. Make sure to note down all the fields of this entry before disconnecting for future reference.

Setting the Timeout for Call Searches in Mediation Engine Connector

In Mediation Engine Connector, the setting Timeout for call searches in seconds controls the time a call search is performed in the nodes, using simple search, advanced search, or user tracking search.

When searching for a call event in the Mediation Engine Connector, all mediation engine nodes are queried. If a Mediation Engine node identifies a call event, it queries the neighboring nodes to check for additional call legs.

Use the setting, Timeout for call searches in seconds to set the timeout for the full call search from the Mediation Engine Connector nodes to the Mediation Engine nodes.

To set the timeout for call searches:

  1. In a web browser, log in to Mediation Engine Connector.

    The Mediation Engine Connector screen appears.

  2. From the user list, select Settings, where user is your login name.

  3. Under Mediation Engines, select Node Connection Settings.

    The Node Connection Settings screen appears.

  4. In the Timeout for call searches in seconds field, enter the number of seconds after which the call search ends.

  5. Click Save.

Table 2-1 Node Connection Settings Fields

Field: Description

Timeout for node connection in seconds: This timeout applies to any request sent from the Mediation Engine Connector to the Mediation Engine nodes.

Time range for call searches in seconds in simple search: When searching for a call in the Call Search panel, this is the time range (in seconds) searched for the queried call. The search displays only calls that are not older than the specified number of seconds. The default search limit for simple search is 900 seconds.

Time range for call searches in seconds in advanced search: When searching for a call in the Advanced Search panel, this is the time range (in seconds) searched for the queried call. The search displays only calls that are not older than the specified number of seconds. The default search limit for advanced search is 86400 seconds.

Timeout for call searches in seconds: This timeout applies only to call search requests from the Mediation Engine Connector to the Mediation Engine nodes.

Use same timeout as for node connections: If you select the checkbox, the setting Timeout for call searches in seconds has the same value as the setting Timeout for node connections in seconds. If the checkbox is not selected, Timeout for call searches in seconds may have a different value than Timeout for node connections in seconds.


Adding Mediation Engines

The last step in setting up Mediation Engine Connector is to add connections to the Mediation Engines. You must first prepare each Mediation Engine so that it is ready for connections from Mediation Engine Connector. To prepare probing for a connection from Mediation Engine Connector, go to the Settings page of the Mediation Engine, navigate to the Network: Mediation Engine Connector section, and set the secret key.

Figure 2-3 shows an example of secret key setting.

Figure 2-3 Setting the Authentication Secret


You can now add the Mediation Engine to the Mediation Engine Connector configuration in the Mediation Engine Management section of the Settings page of Mediation Engine Connector.

Figure 2-4 shows an example of a Mediation Engine configuration.

Figure 2-4 Mediation Engine Management


Click Add; a new row appears at the top of the table. To edit a field, double-click it. Enter a name for the Mediation Engine. The name you enter forms part of the URL under which the Mediation Engine is reachable from the Mediation Engine Connector. You also must enter the Mediation Engine's base URL along with the Mediation Engine's secret. The former must be the HTTP URL under which the Mediation Engine's user interface is reachable. The secret must match the one you entered while preparing the probe. Click Save when you are finished.

The Mediation Engine is added to Mediation Engine Connector and is available in the Mediation Engine selection in the header bar of the Mediation Engine Connector user interface.

When adding a new Mediation Engine, a warning is displayed when the connection is made, indicating that the following settings in Mediation Engine are going to be overridden by the settings in the Mediation Engine Connector:

  • Custom header for realm definition

  • Headers in which to look for realm URIs

  • Use user domains

  • Expire passwords periodically

  • Enforce stringent password rules

  • User default locale

Important:

When adding a new mediation engine, the list of local users on the mediation engine might be lost. Any local users and realms in the mediation engine will be replaced with the current list of users and realms that exist in Mediation Engine Connector. If there are users and realms on the mediation engine that do not exist in Mediation Engine Connector, these will be lost.

Password Settings for User Account

You can define the password settings for users using Mediation Engine Connector settings.

To modify the password settings:

  1. Log in to Mediation Engine Connector as an admin.

  2. Click admin and select Settings.

    The Settings screen appears.

  3. From the Settings menu, click Password Settings.

  4. To force users to change their password regularly, set the time period by doing the following:

    1. Select Force users to change their password regularly.

    2. Enter the number of days in the Period in days to force password change for users with access to sensitive data field. The default setting is 90 days.

    3. Enter the number of days in the Period in days to force password change for users without access to sensitive data field. The default setting is 180 days.

    4. Click Save to save the changes or click Cancel.

    Note:

    The entries in these fields are applied when the user changes the password next time.

  5. Enforce stringent password rules by doing the following:

    1. Select Enforce stringent password rules to increase the level of security required in user passwords.

      Note:

      A stringent password:
      • Should not begin with a digit

      • Must contain at least one uppercase letter

      • Must contain at least one lower case letter

      • Must contain at least one digit

      • Must contain a special character such as @, #, $, -, _

      • Must be different from the previous password

    2. By default, the account gets locked after three unsuccessful attempts for 15 minutes.

    3. Click Save.